[OmniOS-discuss] question about service firewall rules

sergey ivanov sergey57 at gmail.com
Wed Jul 29 17:40:28 UTC 2015


Hi,
I want to restrict ssh logins to my OmniOS boxes to particular subnets.
I am trying to do the following:
---
# svccfg -s ssh setprop firewall_config/policy = astring: allow
# svccfg -s ssh setprop firewall_config/apply_to = astring: network:192.168.1.0/24
# svccfg -s ssh setprop firewall_config/apply_to = astring:  host:128.8.128.117
# svcadm refresh ssh
# svcadm refresh ipfilter
---
It works, but when I want to restart the ssh service, it goes into
maintenance mode, with log lines in
/var/svc/log/network-ipfilter\:default.log saying:
---
[ Wed Jul 29 15:11:14 UTC 2015 /lib/svc/method/ipfilter: svc:/network/ssh:default has invalid ipf configuration. ]
[ Wed Jul 29 15:11:14 UTC 2015 /lib/svc/method/ipfilter: placing svc:/network/ssh:default in maintenance. ]
---
Everything returns to working mode by disabling both the ssh and ipfilter
services and re-enabling them. Is this a known problem, or am I doing
something wrong?
-- 
Regards,
Sergey Ivanov | sergey57 at gmail.com
http://www.linkedin.com/pub/sergey-ivanov/8/270/a09

